
# Rotate API secret



## OpenAPI

````yaml /openapi/fluide-auth.json post /api/v1/authorize/rotate-secret
# OpenAPI 3.0 description of the Fluide Auth API. The `paths` section of this
# document contains a single operation, POST /api/v1/authorize/rotate-secret.
openapi: 3.0.0
info:
  title: Fluide Auth API
  description: >-
    Developer credentials, session management, and identity for the Fluide
    Suite.
  version: '1.0'
  contact: {}
# Only the sandbox host is listed; no production server appears in this
# document.
servers:
  - url: https://sandbox.fluidehr.com
    description: Sandbox
# An empty top-level list means no security requirement applies by default.
# Each operation has to declare its own `security`; one that omits it is
# described as callable without credentials.
security: []
# Tag catalogue for the whole API. Only entries with `x-group` or a
# `description` carry more than a name.
# NOTE(review): `auth` / `Auth` differ only by case and `investor portfolio` /
# `investor-portfolio` only by a hyphen. Tag names are compared exactly, so
# these are four distinct tags - confirm whether that is intended.
tags:
  - name: auth
    description: ''
  - name: App
    description: Service root and build metadata. Use for quick connectivity checks.
    x-group: Operations
  - name: Auth Context
  - name: Health
    description: >-
      Liveness and readiness probes. Returns dependency status (database, Redis,
      etc.) for orchestrators and uptime monitors.
    x-group: Operations
  - name: Auth
  - name: BetterAuthOAuthBridge
  - name: Authorize
  - name: Organizations
  - name: Company
  - name: Onboarding
  - name: organigram
  - name: org master data
  - name: org rbac
  - name: engagement
  - name: marketplace admin
  - name: virtual manager
  - name: delegation audit
  - name: workspace
  - name: client-onboarding
  - name: partner hub
  - name: cohort
  - name: investor portfolio
  - name: investor-portfolio
  - name: workflow
  - name: inter company
paths:
  # Rotate-secret operation. It declares no parameters and no request body, so
  # presumably the credential being rotated is the one identified by the
  # headers listed under `security` - confirm against the service.
  /api/v1/authorize/rotate-secret:
    post:
      tags:
        - Authorize
      summary: Rotate API secret
      operationId: AuthorizeController_rotateSecret_v1
      parameters: []
      responses:
        # Success. Per the description the new secret is returned here and is
        # shown once, so the response body is itself a credential: keep it out
        # of application logs, CI output and shell history.
        # `data` is given only a description (no type or properties), so the
        # field that carries the secret is not documented in this schema.
        # NOTE(review): whether the previous secret stops working immediately
        # is not stated here - confirm before rotating a credential in use.
        '201':
          description: Rotated API secret (shown once)
          content:
            application/json:
              schema:
                allOf:
                  - $ref: '#/components/schemas/ApiResponseDto'
                  - properties:
                      data:
                        description: Endpoint-specific payload
        # The four error responses below all share the ApiErrorResponseDto
        # envelope.
        '400':
          description: Validation failed or invalid request parameters
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponseDto'
        '401':
          description: Missing or invalid JWT / API key
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponseDto'
        '403':
          description: Token valid but insufficient permission for this operation
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponseDto'
        '404':
          description: Resource not found or outside caller scope
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ApiErrorResponseDto'
      # One requirement object naming three schemes: all three must be present
      # on the same request (bearer JWT AND API key AND client id). Separate
      # list items would instead mean "any one of".
      security:
        - bearer: []
          fluideApiKey: []
          fluideClientId: []
      # Request samples. Each one takes the base URL, access token and API key
      # from environment variables rather than embedding them in the code.
      x-codeSamples:
        # curl: -sS hides the progress meter but still reports errors. No
        # --fail flag is passed, so an HTTP 4xx/5xx response still exits 0 and
        # a calling script must inspect the body to detect a failed rotation.
        # The response, which on success carries the new secret, is written to
        # stdout; redirect it somewhere private rather than into a shared log.
        - lang: bash
          label: cURL
          source: |-
            curl -sS -X POST "$FLUIDE_BASE_URL/api/v1/authorize/rotate-secret" \
              -H "Authorization: Bearer $FLUIDE_ACCESS_TOKEN" \
              -H "X-Fluide-Api-Key: $FLUIDE_API_KEY" \
              -H "X-Fluide-Client-Id: fluide-developer"
        # Node.js sample using fetch with top-level await, so it has to run as
        # an ES module or inside an async function. No timeout or abort signal
        # is set on the request.
        # The last statement logs the parsed response, which on success carries
        # the new secret; in real use store it in a secret manager instead of
        # printing it.
        - lang: node
          label: Node.js
          source: >-
            const baseUrl = process.env.FLUIDE_BASE_URL;


            const response = await
            fetch(`${baseUrl}/api/v1/authorize/rotate-secret`, {
              method: 'POST',
              headers: {
                Authorization: `Bearer ${process.env.FLUIDE_ACCESS_TOKEN}`,
                'X-Fluide-Api-Key': process.env.FLUIDE_API_KEY,
                'X-Fluide-Client-Id': 'fluide-developer',
              },
            });


            if (!response.ok) throw new Error(`HTTP ${response.status}: ${await
            response.text()}`);

            console.log(await response.json());
        # Python sample using `requests` with a 30-second timeout.
        # os.environ[...] raises KeyError if a variable is unset, and
        # raise_for_status() raises on a 4xx/5xx response.
        # The final print() writes the response to stdout, which on success
        # carries the new secret; in real use store it in a secret manager
        # instead of printing it.
        - lang: python
          label: Python
          source: |-
            import os
            import requests

            base_url = os.environ["FLUIDE_BASE_URL"]
            headers = {
                    "Authorization": f"Bearer {os.environ['FLUIDE_ACCESS_TOKEN']}",
                    "X-Fluide-Api-Key": os.environ["FLUIDE_API_KEY"],
                    "X-Fluide-Client-Id": "fluide-developer",
            }

            response = requests.post(
                f"{base_url}/api/v1/authorize/rotate-secret",
                headers=headers,
                timeout=30,
            )
            response.raise_for_status()
            print(response.json())
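        # Java sample using the java.net.http client (Java 11+). The request is
        # built once as an HttpRequest and passed to send(); the earlier form
        # stored the result of build() in an HttpRequest.Builder variable and
        # then called build() on it again, which does not compile.
        # Written as a literal block so the line breaks in the sample are the
        # ones shown here.
        - lang: java
          label: Java
          source: |-
            import java.net.URI;
            import java.net.http.HttpClient;
            import java.net.http.HttpRequest;
            import java.net.http.HttpResponse;

            String baseUrl = System.getenv("FLUIDE_BASE_URL");
            HttpClient client = HttpClient.newHttpClient();
            HttpRequest request = HttpRequest.newBuilder()
                .uri(URI.create(baseUrl + "/api/v1/authorize/rotate-secret"))
                .header("Authorization", "Bearer " + System.getenv("FLUIDE_ACCESS_TOKEN"))
                .header("X-Fluide-Api-Key", System.getenv("FLUIDE_API_KEY"))
                .header("X-Fluide-Client-Id", "fluide-developer")
                .POST(HttpRequest.BodyPublishers.noBody())
                .build();
            HttpResponse<String> response = client.send(request,
                HttpResponse.BodyHandlers.ofString());
            if (response.statusCode() >= 400) {
              throw new RuntimeException("HTTP " + response.statusCode() + ": " + response.body());
            }
            // On success the body carries the rotated secret, which is shown only
            // once: store it in a secret manager rather than leaving it in logs.
            System.out.println(response.body());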
        # PHP sample using the cURL extension. No CURLOPT_TIMEOUT is set, and
        # the handle is never closed explicitly.
        # On an HTTP error the whole response body is placed in the exception
        # message. On success the body, which carries the new secret, is
        # echoed; in real use store it in a secret manager instead of printing
        # it.
        - lang: php
          label: PHP
          source: >-
            <?php

            $baseUrl = getenv("FLUIDE_BASE_URL");

            $ch = curl_init($baseUrl . "/api/v1/authorize/rotate-secret");

            curl_setopt_array($ch, [
                CURLOPT_RETURNTRANSFER => true,
                CURLOPT_CUSTOMREQUEST => 'POST',
                CURLOPT_HTTPHEADER => [
                    'Authorization: Bearer ' . getenv('FLUIDE_ACCESS_TOKEN'),
                    'X-Fluide-Api-Key: ' . getenv('FLUIDE_API_KEY'),
                    'X-Fluide-Client-Id: fluide-developer',
                ],
            ]);

            $response = curl_exec($ch);

            if ($response === false) throw new
            RuntimeException(curl_error($ch));

            $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);

            if ($status >= 400) throw new RuntimeException("HTTP $status:
            $response");

            echo $response;
components:
  schemas:
    # Success envelope. `success` and `message` are required; `data` is
    # optional and typed only as a free-form object, so the shape of any
    # endpoint-specific payload is not fixed by this schema.
    ApiResponseDto:
      type: object
      properties:
        success:
          type: boolean
          example: true
          description: Whether the request succeeded
        message:
          type: string
          example: Operation completed successfully
          description: Human-readable outcome message (localized when i18n is configured)
        data:
          type: object
          description: Response payload when success is true
      required:
        - success
        - message
    # Error envelope. `message` may be localized, so client logic should branch
    # on `code`, which is described as stable and machine-readable, rather than
    # on the message text.
    ApiErrorResponseDto:
      type: object
      properties:
        success:
          type: boolean
          example: false
        message:
          type: string
          example: Validation failed
          description: Human-readable error message (localized when i18n is configured)
        code:
          type: string
          example: VALIDATION_FAILED
          description: Stable machine-readable error code for client handling and support
        # Optional (not in `required`): present only for field-level validation
        # failures, keyed by the offending property name.
        errors:
          type: object
          description: Field-level validation errors keyed by property name
          example:
            from:
              - from must be a valid date
        statusCode:
          type: number
          example: 400
        # Plain string with no `format` declared; the example is an ISO 8601
        # UTC timestamp.
        timestamp:
          type: string
          example: '2026-06-03T12:00:00.000Z'
      required:
        - success
        - message
        - code
        - statusCode
        - timestamp
  # Credential schemes referenced by operations. All three are sent as request
  # headers, so they should be excluded from request logging and traces.
  securitySchemes:
    # JWT access token in the Authorization header.
    bearer:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        Access token JWT. Use as Authorization: Bearer <token>. In the API
        playground, paste the JWT only.
    # Developer API key in the X-Fluide-Api-Key header. The `x-default` value
    # appears to be a placeholder for the playground, not a usable key.
    fluideApiKey:
      type: apiKey
      in: header
      name: X-Fluide-Api-Key
      description: >-
        Developer API key (fl_dev_...). Required on every API call with a
        machine access token.
      x-default: fl_dev_your_key
    # Client audience in the X-Fluide-Client-Id header. Per the description the
    # value must equal the `fluide_client_id` claim in the JWT.
    fluideClientId:
      type: apiKey
      in: header
      name: X-Fluide-Client-Id
      description: >-
        First-party client audience. Must match the fluide_client_id claim on
        the JWT. Use fluide-developer for Connect.
      x-default: fluide-developer

````